It’s Not Magic, It’s Mechanics: Demystifying the OWASP Top 10 for AI
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Sabrina Kayaci, Cybersecurity Engineer for Immersive One, and Rebecca Schimmoeller, Lead Product Marketing Manager. Today, we’re continuing the discussion on our Secure AI capability. “When developers hear ‘AI Security,’ they either start to sweat or eye-roll. It either feels like a black box where the old rules don’t apply, or it feels like inflated marketing hype. The truth is, AI vulnerabilities aren't magic; they are mostly just new manifestations of the classic flaws we’ve been fighting for decades. Once you map the new threats to the old patterns, the mystique fades. You realize it’s not magic to fear or hype to ignore—it’s just an engineering problem to solve.” Rebecca: Awesome frame, Sabrina. No matter where you sit on the spectrum—whether you’re anxious about the risks or skeptical of the buzz—AI security doesn't mean starting from zero. Developers should already have the muscle memory for this. Sabrina: Exactly. We aren't asking them to learn a new language; we're asking them to apply their existing fluency to a new dialect. That’s the core philosophy behind our new OWASP Top 10 for LLMs and GenAI collection. We tackle the problem that AI is often treated as a "new and daunting" field. By framing threats like Supply Chain Vulnerabilities or Excessive Agency as variations of known issues, we accelerate the learning curve. We strip away the "AI mysticism" to reveal the underlying mechanical flaw. Rebecca: I love "stripping away the mysticism." Let’s talk about how that works, starting with the big one everyone is concerned about—Prompt Injection. How do you take that from "scary AI jailbreak" to something a grounded engineer can fix? Sabrina: In the media, Prompt Injection is portrayed as this sentient ghost in the machine. In our lab, we treat it as an Input Validation failure. We show that the system is simply confusing "user input" with "system instructions." When a developer sees it through that lens, the eye-roll stops. It’s no longer hype; it’s just mixed context. And they know how to fix mixed context. We show them how to apply that architectural fix to an LLM. Rebecca: That maps perfectly. But looking at the curriculum, I see we go much deeper than just a standard "Top 10" checklist. Why was it important to go beyond the simple definitions? Sabrina: Because a definition tells you what something is, but it doesn't tell you how it impacts you. In the new OWASP LLM collection, we focus on Core Mechanics and Attack Vectors. We deconstruct threats like Data and Model Poisoning or Supply Chain vulnerabilities to show you exactly how they infiltrate a system. It’s the difference between knowing what an engine looks like and knowing how to take it apart. You need to understand the mechanics of the vulnerability to understand the potential impact—otherwise, you're just guessing at the fix. Rebecca: It sounds like we're upgrading their threat modeling software, not just their syntax. Sabrina: Yes, 100%. Look at Excessive Agency. That sounds like a sci-fi plot about a robot takeover. But when you do the lab, you realize it’s just "Broken Access Control" on steroids. It’s about what happens when you give an automated component too much permission to act on your behalf. Once a developer maps "Excessive Agency" to "Least Privilege," they stop worrying about the robot and start locking down the permissions. Rebecca: Is the goal to get them through all ten modules to earn a Badge? Sabrina: The OWASP Top 10 for LLMs Badge is the end state. It proves you have moved past the "sweat or eye-roll" reactive phase. To your manager, it signals you have a proactive, structured understanding of the AI risk landscape and can speak the language of secure AI. There’s no hype in that. Only value-add to you and your team. Final Thought Our OWASP Top 10 for LLMs collection is the antidote to AI security angst. For the developer, it demystifies the threat landscape, proving that their existing security instincts are the key to solving new problems. For the organization, it ensures that your AI strategy is built on a bedrock of engineering reality, rather than a shaky foundation of fear. [Access Collection]Architecting at Speed: Mastering Secure Development with OpenAI Codex
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with BenMcCarthy, Lead Cybersecurity Engineer for Immersive One, and RebeccaSchimmoeller, Lead Product Marketing Manager. Today, we’re continuing the discussion on our Secure AI capability. There is a misconception that security is the enemy of development speed. But with AI, the opposite is true. If you don't have security engineered into your AI workflow, you can't actually go fast—because you’re constantly stopping to fix 'trash code' or patch vulnerabilities. The developers who win in this era aren't just the ones coding faster; they are the ones architecting systems that are secure by design, even at AI speeds.” Rebecca: That’s a crucial distinction, Ben. We often hear that AI is a "firehose" of productivity, but without control, that firehose just creates a mess. It seems like the role of the developer is shifting from "writing lines" to managing this high-velocity output. How does the new Building with AI: Codex CLI collection help them make that shift? Ben: By giving them the controls they need to harness that speed safely. If you let OpenAI’s Codex run without guardrails or understanding, you get velocity, sure—but you also get risk. We designed this collection to empower developers to become their own Security Architects for their workflows. We are leveraging the Azure AI Foundry capability to give learners real, secure access to these models. The goal isn't to teach you how to hit "Tab" to autocomplete; it's to teach you how to rigorously evaluate, guide, and constrain what the AI produces using the command line tool like Codex so you can ship code that is both fast and bulletproof. Rebecca: So it’s about elevating the human’s role to "Architect." Let’s talk specifics given what the collection covers—how did you instill that mindset? Ben: We start by ensuring developers know the power of what you can do with Codex. How to get the best out of your models in this CLI tool. We go over effective prompt engineering, tool usage, and how AI can help with "Greenfield" projects (net-new builds) and "Brownfield" projects (legacy codebases). This is a critical skill for a lead engineer. AI is great at generating new code (greenfield), but it can be dangerous when it doesn't understand the hidden dependencies of a ten-year-old application (brownfield). We teach engineers how to spot those context gaps, key stuff that the AI might miss. Rebecca: I saw "specification-driven development" was a big part of your roadmap, too. How does that fit into the "speed" theme? Ben: This is the ultimate accelerator. Instead of writing the code line-by-line, you write the "spec"—the blueprint—and let Codex handle the implementation details. It’s not about doing less work; it’s about doing higher-leverage work. You define the logic and security constraints, and the AI handles the boilerplate. It shifts the developer’s brain from "how do I type this function?" to "what should this system actually do?" Rebecca: That sounds like a powerful approach, Ben. But what about the security risks? If developers are offloading implementation to Codex, how do they avoid leaking data or introducing bugs? Ben: That’s non-negotiable. In the Guardrails lab, we show learners how to build a safety net. We teach practical methods for stripping PII (Personally Identifiable Information) and using hooks to sanitize inputs before they reach the model. It gives developers the confidence to use these tools freely, knowing they have already engineered the safety mechanisms to protect their org. Rebecca: I saw a lab in the collection called "Tools and MCP" (Model Context Protocol). Is that where you get into advanced workflows? Ben: Exactly. This is where we give developers the keys to become a force multiplier. We show users how to connect Codex to other tools. This is the ideal definition of ROI for developers. You’re automating the tedious "check your work" phase, allowing you to ship secure code faster without burning out on manual review. Rebecca: It feels like that approach accepts today’s AI era realities for what they are and finds the strategic advantages… pushing developers towards productivity and security gains with real mastery. And just like the Claude collection, users have access to a Demonstrate Lab, to prove that mastery, am I right? Ben: Absolutely. The Demonstrate Lab challenges users to build a solution that’s efficient, functional, and secure. It proves that you aren't just an "AI user"—you are an AI Engineer who understands the capabilities the collection covers. Final Thought Our Building with AI: Codex collection is about upgrading the developer’s toolkit. For the organization, it ensures AI adoption is secure and scalable. For the engineer, it removes the drudgery of boilerplate, freeing you to focus on the creative, architectural challenges that drive real value. Ready to upgrade your workflow? [Access Collection]Bad News for Black Hats: Why Our New Dynamic Threat Range Is Bound to Ruin Their Day
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with DaveSpencer, Immersive Product Manager for Technical Exercising, and RebeccaSchimmoeller Lead Product Marketing Manager. “Getting your SOC team off their desks for a multi-day drill is tough. Then, having them practice on a generic SIEM when your entire team lives and breathes in Splunk? I mean, practice is supposed to make perfect … That set-up is … flawed.” Rebecca: No kidding, Dave. It sounds like you heard from a lot of SOC Managers that their teams were running straight into what we call the ‘relevance gap.’ Can you break down what that actually means for hands-on analysts? Dave: Think of that 'gap' as the frustrating space between theory and reality. It’s when you force an analyst to practice on a generic, made-up tool, but their actual job is 100% in Splunk. It’s running an exercise on a simple, flat network when your real corporate network is a complex, segmented beast. Rebecca: So, the skills they're learning just don't transfer to the real world. Dave: Exactly. It’s why a team can get a 100% pass rate on a training module and still be completely unprepared when a real incident hits. It’s not just wasted time; it’s a false sense of security. Rebecca: So, how does our new Dynamic Threat Range capability solve that? How do we close that gap for good? Dave: By blowing it up entirely. We built this from the ground up to be hyper-realistic. Dynamic Threat Range is the only capability on the market that lets teams run live-fire exercises in a high-fidelity replica of an enterprise environment, using licensed security tools. At launch this November, we’re talking native support for Splunk and Elastic. This isn't just replaying logs; it's an authentic, full-chain adversary attack, built by our elite C7 threat team, running on the exact tools teams use every single day. Rebecca: Okay, so that’s a game-changer for the hands-on user and, no doubt, from managers too. They’re struggling to prove where their team is at in order to help them improve. How do we help them with this? You know, move beyond a pretty unhelpful "pass/fail"? Dave: Right. That's actually a core pillar we’ve built against. With Dynamic Threat Range, customers move beyond arbitrary scores. Our design is all about objective proof of readiness. We're giving managers the hard data they need to prove their team’s capability and justify their security spend. Rebecca: Oh … tell me more! Dave: At launch, we’re measuring key metrics like Time to Detect, Time to Escalate, and Investigation Accuracy. It’s the only way to get verifiable, evidence-based data on performance. “In a real attack, the platform doesn’t tell you if you’re right or wrong. So why should your exercise?” Rebecca: Running full-chain attacks on a replica of a customer's environment sounds incredibly complex. I can just hear the IT and Ops teams groaning about setup, VPNs, and operational overhead. Dave: (Laughs) Yeah, we heard that, too. And that’s why we made it 100% browser-based. No VPNs. No operational headaches. You get into the exercise and start learning in seconds. We also designed the exercises to be practical. Getting a SOC team offline for a multi-day drill is really hard. So, these default to 4 hours—intense, focused, and easy for a manager to schedule. You can extend it to 24 hours if you want to practice handovers between shifts, but the goal is zero friction. Rebecca: I love that. So, as an analyst, what can I actually do in these 4-hour exercises at launch? Dave: We’re launching with two critical exercise types. First is Digital Forensics and Incident Response (DFIR), where you join after the attack has happened and you have to use your Splunk or Elastic instance to piece together what went wrong. The second is Threat Hunting, which I love. You're in the environment as the attack itself is kicking off, and you have a detailed threat intelligence pack to work from, allowing you to proactively detect the threat before it causes real damage. It’s the difference between being a digital archaeologist and being the hunter on the ground. Rebecca: So cool! This is already huge, Dave. Knowing you, though, the team is just getting started. What’s the long-term vision? Dave: We're moving fast. We’re already working on Microsoft Sentinel support for Q1 2026. After that, we’re building out exercises for the entire security lifecycle—Containment, Recovery, Red Team, and Purple Team drills. The vision is to let you exercise every part of your security function and then benchmark your performance against your industry peers. That’s the real holy grail: knowing exactly where you stand. Rebecca: Dave, this is incredible. The passion you and the team have for solving this real-world problem is clear. Thanks so much for geeking out with me today. Dave: Any time. We're just excited to get it in people's hands. Final Thought The days of generic, classroom-style training are over. Dynamic Threat Range finally bridges the gap between practice and reality, allowing your teams to build muscle memory on the actual technology they are paid to protect. It moves your entire security function from ‘we think we’re ready’ to ‘we know we’re ready’—with the data to prove it. Want to see how it works? Don’t miss this demo.The Case of the Connected Factory: New OT Labs Uncover the Dark Side of Automation
It’s been a long year on the beat. The IT side of the cyber city gets all the headlines, but the real trouble – the deep, dark stuff that keeps CISOs up at night – is happening behind locked fences in the operational technology (OT) district. That’s where the trains run, the water flows, and the lights stay on. It’s vulnerable, and Immersive is opening up a new file on the case. I sat down with SamMaesschalck, our OT subject matter expert, and James Harris, his number two on the build, to shine a flashlight on the new OT labs dropping this October. In the labs, you’ll get a hands-on look at the characteristics and vulnerabilities that define the real world of industrial control. 1. The score: Breaking the machine When you talk about OT security, you’ll be looking at human-machine interfaces (HMIs) and programmable logic controllers (PLCs). These are the screens and brains of the factory floor, and they’ve been getting a serious inspection. Our experts confirmed that OT penetration testing is an emerging field, with companies becoming “more open to the fact. They’re saying, ‘Let's see what an attacker could do in our environment’.” The Hack Your First HMI lab collection is a key part of our latest release. It includes six labs dedicated to the art of the break-in. “That’s the kind of collection that I focused on,” James told me. “I was looking at the different ways that you can break an HMI or get it to display information that’s not necessarily true.” The motivation? The legendary Stuxnet attack. Stuxnet is a malicious computer worm that reportedly compromised Iranian PLCs and caused substantial damage to Iran’s nuclear program in 2010. As James explains: “Part of the attack was about creating a display so engineers think everything is okay, while behind the scenes everything’s chaotic and spluttering into pieces.” These labs teach you about HMI discovery, exploitation, and even how to execute machine-in-the-middle (MITM) attacks to report false values. It’s about putting the operator in a compromised position. 2. The rulebook: Making GRC fun (seriously) Every detective knows the paperwork is the worst part of the job. In OT, that paperwork is GRC (governance, risk, and compliance), specifically the ISA/IEC 62443 fundamentals. James echoed what most of us were thinking: “GRC is boring. I like breaking stuff, whereas Sam was more than happy to write thorough GRC labs, which made me very relieved”. But Sam also found a way to make the necessary standards interesting, if not exactly thrilling. In addition to sharing that he “did really enjoy the GRC labs”, he also “tried to make it as fun as possible”. How fun? “I did manage to get some Fallout image art in the labs.” The result is a six-lab collection that cuts through the dry text to cover the core focus areas and framework structure of the standards, bridging the gap between high-level policy and hands-on application. 3. The rail line incident: A crisis on the tracks One new release stands out for its sheer, high-stakes drama: a Crisis Simulation built around the UK rail sector, which has “sprawling ramifications”. Sam outlined the grim morning in the scenario: “Suddenly, there are a lot of logs. There’s been a firmware download to a number of trains, but the firmware wasn’t approved”. In a rail environment, if one train is blocked, it has lasting effects on the entire railway. The Crisis Sim explores the tough decisions when you have to prioritize the safety of the passengers. Accompanying the Crisis Sim is a new rail content collection. While it’s currently theory-based, it covers the essential legislation, vulnerabilities, and high-level concepts for those working on PI displays and the ECTS (European Train Control System). The detective’s final note Whether you’re in a trench coat trying to crack the code or an engineer trying to keep the lights on, the new labs are all about hands-on experience. As James put it, working in OT is a unique challenge: “Having a job where you can play with train sets for a living is pretty cool”. The case file is open. Grab your license – or your virtual Siemens hardware – and get ready to learn what happens when the digital world clashes with the physical. The new labs are live now. SamDickison, signing off... Links to labs: Hack Your First HMI: https://immersivelabs.online/series/hack-your-first-hmi ISA/IEC 62443: https://immersivelabs.online/series/isa-iec-62443-fundamentals Intro to Rail Sector OT: https://immersivelabs.online/series/ot-rail-sector OT labs are only available to organisations that have the OT license.October is here! Prepare for Cybersecurity Awareness Month with Immersive 🎃
In a world where technology and threats are constantly evolving, building a resilient team is more important than ever. At Immersive, we're proud to be your partner in this journey, and we've put together a fantastic lineup of events, challenges, and resources throughout October to help you and your teams stay ahead of the curve. What’s on at Immersive this Cybersecurity Awareness Month 📆 Oct 1st Whitepaper: GenAI’s Impact on Cybersecurity Skills and Training Oct 6th Trick or Treat on Specter Street Challenge Begins: Labs 1-3 Oct 9th Labs Live: Ripper's Riddle Community Webinar Oct 13th Trick or Treat on Specter Street Challenge: Labs 4 - 6 Oct 15th Webinar: How to Build a People-Centric Defense for AI-Driven Attacks Oct 16th Labs Live: Cursed Canvas Community Webinar Oct 20th Trick or Treat on Specter Street Challenge: Labs 7 - 9 Oct 22nd Cyber Resilience Customer Awards Winners Revealed Oct 23rd Labs Live: Macro Polo Community Webinar Oct 27th Trick or Treat on Specter Street Challenge: Labs 10-12 Oct 30th Labs Live: Phantom Pages Webinar Oct 31st Trick or Treat on Specter Street Challenge Finale: Labs 13 Oct 31st Virtual Crisis Sim: The Puppet Master’s Trick or Treat Challenges and Labs Trick or Treat on Specter Street 👻 Welcome to Trick or Treat on Specter Street, a Halloween-themed cybersecurity challenge where you'll use both offensive and defensive skills to solve a mystery unlike anything we’ve encountered before. Each week throughout October, we’ll drop new hands-on labs that slowly begin to uncover the secrets of Specter Street. Can you crack the case? Find out more. AI Foundations 🤖 Ready to navigate the rapidly evolving world of Artificial Intelligence with confidence? Give our new AI Foundations lab collection a go! Designed to equip your teams with critical AI knowledge and practical implementation skills; this initial collection features seven foundational labs that progressively guide your teams from high-level overviews to secure, hands-on AI implementation. Find out more. Events and Webinars Webinar How to Build a People-Centric Defense for AI-Driven Attacks Wednesday October 15th A must-attend event for understanding how threat actors are leveraging AI and other emerging technologies to carry out attacks. Register Now. Virtual Crisis Sim The Puppet Master’s Trick or Treat Friday October 31st Join us on Halloween as the notorious Puppet Master returns for a fiendish game of Trick or Treat 🎃 Play along with our Immersive crisis response experts as we tackle a LIVE coordinated attack from the Puppet Master on a Critical National Infrastructure organization. Dare you play the Puppet Master’s game and survive, or will they finally get their revenge?! Register Now. AI and Emerging Threats Throughout the month, we’re shining a spotlight on the rise of AI in cyber. From our all-new AI Foundational lab series to cutting edge research from the experts at the cutting edge of GenAI in cybersecurity in our latest whitepaper: GenAI’s Impact on Cybersecurity Skills and Training. Explore our latest AI-focused resources and upskill your teams to confidently face the future of cyber resilience. Check out our latest reports, articles, webinars and more on GenAI, here. Celebrating Cyber Resilience Heroes 🏆 We're also celebrating the individuals and organizations at the forefront of cyber resilience with our Cyber Resilience Customer Awards. Keep your eyes peeled on our social channels! We'll be unveiling our latest winners on October 22nd, recognizing those who demonstrate an outstanding commitment to proving and improving their cyber readiness. It's going to be a jam-packed month focused on practical application and deep engagement. Let’s make this the most secure October yet!Supercharge your cybersecurity skills development: Immersive integrates with Degreed
In this blog post, I explore benefits of the integration, what it means for you, and how you can leverage it to build a world-class cybersecurity team. Seamless access to Immersive content Accessing Immersive Labs' extensive catalog of labs is now easier than ever. We've integrated directly with Degreed's file transfer protocol (FTP), allowing you to browse and select from our entire library of practical cybersecurity challenges directly with the Degreed platform. This streamlined access simplifies the learning journey and encourages continuous skills development. Track progress and demonstrate impact with xAPI Demonstrating the impact of your learning initiatives is crucial. That's why we've implemented xAPI integration. As your team completes Immersive Labs exercises, detailed completion records are automatically sent to Degreed. This provides valuable insights into individual and team progress, allowing you to identify skill gaps, track improvement over time, and measure the effectiveness of your cybersecurity training programs. With xAPI, you can clearly view your team’s evolving skillset and make data-driven decisions for future training investments. What this means for you: Personalized learning: Combine Immersive Labs' hands-on exercises with Degreed's personalized learning paths to create a truly tailored skills development experience for each team member. Streamlined workflow: Access and launch Immersive Labs content directly within Degreed, eliminating the need to navigate between different platforms. Data-driven insights: Leverage xAPI integration to track progress, identify skill gaps, and measure the impact of your cybersecurity training programs. Enhanced engagement: Keep your team motivated and engaged with interactive, hands-on labs delivered seamlessly through the Degreed platform. Improved skills development: Accelerate the development of critical cybersecurity skills and build a more resilient and capable workforce. How it works: The integration is designed to be as seamless as possible. Your Degreed administrator will configure the connection to Immersive Labs via FTPs. Once configured, the Immersive Labs catalog will be available within Degreed. Learners can then discover and engage with labs directly within their Degreed learning paths. Behind the scenes, xAPI ensures that all learning activity is tracked and reported back to Degreed. Getting started: If you're an existing Immersive Labs and Degreed customer, reach out to your Immersive Labs Customer Success Manager to learn more about enabling the integration as it’s available to all Immersive Labs customers. They will guide you through the setup process and answer any questions you may have. The future of cybersecurity skills development is here The Immersive Labs and Degreed integration represents a significant step forward in cybersecurity skills development. By combining the power of hands-on learning with personalized pathways and data-driven insights, we're empowering organizations to build the cybersecurity teams of the future. We're excited about the possibilities this integration unlocks and can't wait to see its impact on your organization's cybersecurity posture. Share your thoughts While we look to expand the platforms we integrate into, we're eager to hear your perspective! Comment below with your questions, ideas, and how you plan to use this integration as well as other integrations you'd like to see.Elevate your cybersecurity training: Immersive now integrates with Cornerstone LMS
This integration combines the hands-on, engaging learning experience of Immersive Labs with the robust learning management capabilities of Cornerstone, creating a comprehensive and efficient solution for your cybersecurity training needs. What this integration means for you: Streamlined access to Immersive Labs content: Access our extensive library of labs directly within Cornerstone LMS. This allows your learners to seamlessly launch Immersive Labs and engage with the training they need, all within their familiar Cornerstone environment. Automated tracking and reporting: Leveraging the xAPI (Tin Can API) specification, the integration automatically sends detailed completion records from Immersive Labs to Cornerstone. This allows you to track learner progress, identify skill gaps, and measure the effectiveness of your cybersecurity training programs, all within your familiar Cornerstone environment. Enhanced learning experience: Provide your teams with engaging, hands-on cybersecurity training that translates directly to real-world skills. Immersive Labs' interactive simulations and challenges keep learners motivated and invested in their development. Improved efficiency: Reduce administrative overhead by automating tasks such as user provisioning, content updates, and progress tracking. This frees up your learning and development team to focus on more strategic initiatives. Data-driven insights: Gain valuable data on learner performance and skill development, enabling you to make informed decisions about future training investments and tailor learning paths to individual needs. How it works: The integration is designed for simplicity and ease of use. Your Cornerstone administrator will configure the connection to Immersive Labs, enabling the seamless flow of data between the two platforms. Learners can then access and launch Immersive Labs content directly from their Cornerstone learning paths. xAPI ensures that all learning activity is automatically tracked and reported back to Cornerstone, providing a comprehensive view of learner progress and skill development. Getting started: If you're an existing Immersive Labs and Cornerstone customer, reach out to your Immersive Labs Customer Success Manager to learn more about enabling this integration. They’ll guide you through the setup process and answer your questions. The power of connected learning: The Immersive Labs and Cornerstone integration represents a significant advancement in cybersecurity skills development. By connecting engaging, hands-on learning experiences with robust learning management capabilities, we're empowering organizations to build a more skilled and resilient cybersecurity workforce. Share your thoughts This is just the beginning! We're committed to expanding our integrations to provide you with an entirely seamless learning experience. Share your thoughts on this integration and tell us which platforms you'd like to see us connect with next in the comments below.Enhancing Cyber Resilience through Data Insights: Immersive’s REST API
Seamless access to your Immersive data Our REST API offers easy access to your Immersive data. Once authenticated, you can access your organization’s data by making REST API requests to any of the available endpoints. These endpoints can be reviewed in our REST API documentation. What this means for you Data at speed – Your Immersive data is just a request away. With each API request, you can quickly gather and manipulate your data as needed. Flexible design – Utilizing our REST API offers significant control over the process of transmitting data from Immersive to a target system of choice. System integration – Each API response will be received as JSON formatted data, allowing straightforward integration with BI systems, databases, or any other target system. How it works API requests to our various available endpoints allow you to seamlessly pull Immersive data and relay it to your system of choice. Gathering data via the REST API offers unparalleled flexibility and control over when and how your data is transmitted. Who can do this To generate an API key and secret token, you must have an administrator account in Immersive. If you’re interested in working with the REST API, but don’t have the proper permissions to initiate the process, please reach out to an Immersive administrator within your organization. Getting started From an Immersive administrator account, navigate to the Platform Settings sections within the Manage tab at the top of your screen. Once in the platform settings, navigate to API within the sidebar. You should then see the option to Generate API key. Select this option and add an appropriate label that describes the intended use. After clicking Generate, you should see an Access key and Secret token that can be copied and utilized for the initial authentication. Once you’ve generated your Access key and Secret token, please follow our REST API documentation and API Guide for authentication, requests, and pagination guidance. The documentation also includes each of the available API endpoints. If you have any questions or issues as you implement your API connection, please contact our support team, and we will help ensure a smooth integration. The future of cybersecurity skills development is here The Immersive REST API represents a significant step forward in cybersecurity skills development. By combining the power of hands-on learning with personalized pathways and data-driven insights, we're empowering organizations to build the cybersecurity teams of the future. We're excited about the possibilities this integration unlocks and can't wait to see the impact it has on your organization's cybersecurity posture. Share your thoughts While we continue to develop this powerful integration, we would love to hear from you! If you have specific use cases for the Immersive REST API, please let us know in the comments and our team can look into the feasibility of each possible enhancement. We're on a mission to enable more integrations, so tell us, which other integrations would you like to see this year?
